Privacy Policy

With the following information, we would like to give you, as a visitor to our website, an overview of how your personal data is processed by us and of your rights under data protection law. Which data is processed in detail and in which way it is used depends largely on the services agreed upon. Therefore not all parts of this information will apply to you.

1. Controller and Contact Details of the Data Protection Officer

Responsible for the processing is
smartShift Technologies
Augustaanlage 59
68165 Mannheim
connect@smartshifttech.com

(hereinafter referred to as the “Company“)

You can reach our data protection officer at
smartShift Technologies
– Data protection officer –
Augustaanlage 59
68165 Mannheim
datenschutzbeauftragter@smartshift.com

2. Information on the Processing of Personal Data

2.1. Data Categories

In the context of the use of our websites, applications or online tools (hereinafter collectively referred to as “online offer”) we process the following personal data:

  • Personal data that you yourself enter voluntarily as part of an online offer (such as when registering, requests for contact, as part of requesting an offer, etc.), such as first and last name, e-mail address, telephone number, information provided when contacting us or details of the planned project
  • HTTP data is protocol data that is generated when the website is called up via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: This includes IP address, type and version of your Internet browser, operating system used, the page called up, the page previously visited (referrer URL), date and time of the call. HTTP(S) data also accumulates on servers of service providers (e.g. when third-party content is called up).
  • Search function data is data that you enter into the search functions of our website: This includes all information that you enter as search terms in the respective search form on the website
  • Cookie setting data is used to manage your cookie settings. This includes your consent, your objections (opt-out) and, if applicable, your individual selection for the use of cookies on your end device
  • Error data are error messages from the server and individual applications that are stored.

2.2. Purposes and Legal Basis of Data Processing

In some cases we ask you expressly for your consent to the processing of your personal data. In this case, the legal basis for the processing of your personal data is the consent you have given us in accordance with Art. 6 para. 1 letter a GDPR in conjunction with Art. 7 GDPR. This consent can be revoked by you at any time with effect for the future.

2.2.1.  Technical Administration of the Website

When using the website, the browser used on your terminal device sends certain information to the server of our website (including HTTP data, search function data, cookie setting data and error data). This data is stored and processed on our server.

The data processing serves to prevent and detect fraudulent or similar actions including attacks on our IT infrastructure and to enable user authentication. At the same time, the processing serves to provide you with the contents of the website you have accessed, to correct errors, to enable and simplify searches on the website and to manage cookies.

The legal basis for this data processing is our legitimate interest (Art. 6 para. 1 letter f GDPR). Without disclosure of these personal data, such as the IP address, the use of the website is not possible. Communication via the website without providing data is not technically possible.

2.2.2.  Services

Furthermore, we process data to enable you to make use of the services and functions of our online offers, to process inquiries or to send you marketing information in case of corresponding inquiries. These data are stored and processed on our server and actively made available by you.

The legal basis for this data processing is the initiation of contractual relationships or the fulfilment of our contractual obligations (Art. 6 para. 1 letter b GDPR) and our legitimate interest (Art. 6 para. 1 letter f GDPR). Without the processing of personal data, we cannot fulfil the existing contract with you or process your inquiries.

2.3. Cookies

Within the framework of our online offer we also use so-called cookies. Cookies are small text files that are stored by your browser on your terminal device when you visit our website. Cookies contain information that is related to the context of use and your terminal device. When you call up the website again with the same terminal device, the information stored in cookies can be read out and processed. In doing so, we use processing and storage functions of the browser of your terminal device and collect information from the memory of the browser of your terminal device.

Depending on the type of cookie, the use of cookies is possible without consent and requires consent. Consent free cookies are especially those that are necessary to use our online offer or that serve the IT security (=technically necessary cookies). The legal basis for data processing in these cases is Art. 6 Para. 1 letter f GDPR.

In addition, we use statistical cookies and marketing cookies, for the use of which you can give us your consent in our “cookie banner” when calling up our online offer. Without such consent, the cookies requiring consent are not activated. By clicking the “Reject” button, you can also completely reject the use of cookies requiring consent. We store your cookie settings in the form of a cookie on your terminal device in order to determine whether you have already made cookie settings when you call up the website again.

Cookies required for the functioning of the website cannot be deactivated via the cookie management function of this website. However, you can deactivate these cookies generally in your browser at any time. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the website may not function or no longer function properly if you deactivate cookies in your browser in general.

Overview of the cookies used on this website:

Provider Purpose Type Storage Period
Google Tag Manager Control the placement of cookies on our website and ensure the security of the application Technically necessary Until no longer required for the purposes of processing
Google Analytics Analytics Investigation of the user behaviour of our website in pseudonymised form to increase the efficiency of our use of resources for our website and to optimise our website Statistics 14 months
Hubspot Analytics Investigation of the user behaviour of our website in pseudonymised form to increase the efficiency of our use of resources for our website and to optimise our website Analytics cookies Different cookies are expiring in different time frames with max holding period being 13 months.

 

2.3.1.  Google Analytics

This website uses functions of the web analysis service “Google Analytics”. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics also uses so-called cookies. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

The storage of Google Analytics cookies is based on Art. 6 para. 1 letter a GDPR. We obtain the necessary consent from our users immediately after calling up our website.

IP anonymisation

We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within the states of the European Union or other signatory states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.

Browser plug-in

You can also prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaopout?hl=de.

General objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will then be set to prevent the collection of your information on future visits to this website: Disable Google Analytics.

You can find more information on how Google Analytics handles user data in the Google privacy policy under the following link: https://support.google.com/analytics/answer/6004245?hl=de.

2.3.2. Hubspot

Hubspot uses the following cookies that are set on the smartShift website for tracking user interaction with the website elements and analytics

Cookie Type Cookie Name
Necessary Cookies __cfduid
Necessary Cookies __cfruid
Analytics Cookies __hstc
Analytics Cookies hubspotutk
Analytics Cookies __hssc
Analytics Cookies __hssrc

You can find information about the Hubspot cookies under the following link: https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser

2.4. Contact

On our website there are contact forms which can be used for electronic contact. If a user takes advantage of these possibilities, the data entered in the input mask will be transmitted to us and part of the data will be stored. The processing of the personal data from the input mask serves us to process the establishment of contact and to prevent misuse of the contact form.

The legal basis for the processing of data transmitted in the course of contacting us is Art. 6 para. 1 letter f GDPR (legitimate interest). If the purpose of the contact is to conclude a contract, Art. 6 para. 1 letter b GDPR is a further legal basis for the processing. If the legal basis for processing is our legitimate interest, the user has the possibility to object to the processing of his personal data at any time. In such a case, however, the correspondence cannot be continued. Please send us your request for deletion via e-mail to […]. In this case, all personal data stored in the course of the contact will be deleted immediately.

In this context, the data will not be passed on to third parties outside the company. The data will be used exclusively for the processing of correspondence.

The data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective correspondence is finished.

3. Social Media

We use references (“links”) to the social networks Facebook, LinkedIn, YouTube and Twitter on our website on the basis of Art. 6 para. 1 sentence 1 letter f GDPR to draw attention to our services and products and to contact you as a visitor and user of these social media sites and our website.

You can recognize the links by the logo of the respective social network. By clicking on the logo, a direct connection is established between your browser and the server of the respective service and you are redirected to the website of the service provider. These are not so-called social plug-ins, which establish a connection and data transfer to the respective social network as soon as you call up our website.

We point out that you use the following services and their functions at your own responsibility. We have no influence on the type and scope of processing. Furthermore, please note that when calling the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. In detail, these are the following third-party providers:

3.1. YouTube

This website uses the YouTube video platform, which is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter “YouTube”). YouTube is a platform that enables the uploading and playback of video files. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

When you access a page from our site, the embedded YouTube player connects to YouTube’s servers to transmit and play video and audio files. In the process, data is also transferred to YouTube as the person responsible. We are not responsible for the processing of this data by YouTube.

For more information about the scope and purpose of the data collected, the further processing and use of the data by YouTube, your rights and the data protection options you can choose, please see the YouTube privacy policy.

3.2. Facebook

This online offer also links to the services of the company “Facebook” (hereinafter “Facebook”). The operating company of Facebook is Facebook, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for processing personal data if a data subject lives outside the USA or Canada.

When you visit our Facebook fan page, Facebook records in particular your IP address and, if applicable, other information that is available on your PC in the form of cookies. This information is used to provide us, as the owner of the Facebook Fan Page, with statistical information about the usage of the Facebook Page.

The data collected about you in this context will be processed by Facebook and may be transferred to countries outside the European Union. We would like to point out that Facebook is responsible for the corresponding transmission and subsequent processing procedures under data protection law. Which concrete data Facebook receives and how this is used is described in general terms in the Facebook data protection guidelines. Further information on this can be found in the Facebook privacy policy.

3.3. LinkedIn

This website also links to our presence on the social platform LinkedIn, which serves to initiate and establish professional contacts. LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

The data collected about you in this context is processed by LinkedIn and may be transferred to countries outside the European Union. We would like to point out that LinkedIn is responsible for the corresponding transmission and subsequent processing operations in accordance with data protection law. What specific data LinkedIn receives and how it is used is described in general terms in the LinkedIn privacy policy.

3.4. Twitter

We link on our website to our Twitter Inc. short message service subpage, 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. Responsible for data processing of persons living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

By using Twitter, your personal information will be collected, transferred, stored, disclosed and used by Twitter Inc. regardless of your residence in the United States, Ireland and any other country in which Twitter Inc. conducts business, and will be transferred, stored and used by Twitter Inc. Firstly, Twitter processes all information you voluntarily enter, such as your name and user ID, email address, phone number and the contacts in your address book when you upload or synchronize it. Furthermore, Twitter also evaluates the content you share to determine what topics you are interested in and may store and process confidential messages.

For information on what data is processed by Twitter and for what purposes, please see the Twitter privacy policy.

4. Recipients and Recipient Categories

Within our company, access to your data is granted to those entities that need it to fulfil their contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes, provided they maintain confidentiality and integrity in particular. These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, consulting, and sales and marketing.

With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations. We may only pass on information about you if required by law, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be:

  • public bodies and institutions (e.g. tax authorities, criminal prosecution authorities, family courts, land registry offices) if there is a legal or official obligation,
  • Credit and financial service institutions or comparable institutions to which we transfer personal data in the course of the business relationship (e.g. banks, credit agencies),
  • Creditors or insolvency administrators who make inquiries in the context of a foreclosure,
  • Certified public accountant,
  • Service providers that we call upon within the framework of contract processing relationships,
  • Sales representative of the company

5. Transfer to Third Countries

Data is transferred to bodies in countries outside the European Union (so-called third countries) if

  • it is necessary for the execution of your orders (e.g. delivery orders)
  • it is required by law (e.g. reporting obligations under tax law) or
  • you have given us your consent.

Furthermore, a transfer to bodies in third countries cannot be excluded in the following cases:

  • to maintain and ensure the IT operation and IT security of the company and
  • on combating money laundering, terrorist financing and other criminal activities.

The use of our social media and map services may result in data transmissions and subsequent processing of usage data in the USA. The legal basis for any processing activities is your explicitly declared consent, which you have given via the cookie banner. Your consent justifies such data processing exceptionally on a case-by-case basis in accordance with Art. 49 para. 1 lit. a GDPR. Please note that the level of data protection in the USA is not comparable to that in the EU and EEA. In particular, it is possible that state authorities may access your personal data on the basis of legal authorizations without us or you being informed. There are no comparable possibilities for our own legal enforcement in the USA, so that this does not seem promising.

Any data transmissions take place exclusively automatically in connection with the use of our social media offerings and Google’s map services and with the help of cookies. Further details can be found in the “Cookies” and “Social Media” sections of this privacy policy.

6. Storage Duration

We process and store your personal data as long as it is necessary for the fulfilment of our contractual obligations and the exercise of our rights. If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their – temporary – further processing is necessary for the following purposes:

  • Fulfilment of commercial and tax law storage obligations from the German Commercial Code (HGB), the German Fiscal Code (AO) and the Money Laundering Act (GwG). The periods of retention and documentation specified there are usually two to ten years.
  • Preservation of evidence within the framework of the statutory limitation regulations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

7. Data Security

Our employees and the service companies commissioned by us are obliged to maintain secrecy and comply with the provisions of the applicable data protection laws. The company takes appropriate technical and organizational security measures to protect your personal data from loss, alteration, destruction and access by unauthorized persons or unauthorized disclosure. Our security measures are constantly improved in line with technological developments.

8. Rights of Data Subjects

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restrict processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. In the case of the right of access and the right to erasure, the restrictions pursuant to Sec. 34 and 35 German Data Protection Act (BDSG) apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with Sec. 19 BDSG).

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future.

You also have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you, in particular on the basis of Art. 6 para. 1 letter f GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms. This includes in particular that the processing is necessary for the assertion, exercise or defence of legal claims.

Furthermore, you have the right according to Art. 22 GDPR not to be subject to a fully automated decision making process. As a matter of principle, we do not use any fully automated decision-making process to establish, implement or terminate the business relationship. Should we use these procedures in individual cases (e.g. to improve our products and services), we will inform you separately about this and about your rights in this regard, provided this is required by law.

9. Obligation to Provide Data

Within the scope of our business relationship, you must provide us with those personal contractual data which are necessary for the commencement, execution and termination of a business relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to conclude, execute and terminate a contract with you.

The same applies to visiting our online offer and the collection of usage data. Without the collection of usage data, we and our service providers will not be able to provide you with our online offer.

10. Profiling

We do not automatically process your personal data in such a way that it has legal effect on you or in a similar way that it significantly affects you.

11. Topicality

This privacy policy is currently valid and has the status of April 2020.